Oracle8 Server Concepts, Introduction to the Oracle Server, pages 1-31 to 1-32

A user can receive a privilege two different ways:

• Privileges can be granted to users explicitly. For example, the privilege to insert records into the EMP table can be explicitly granted to the user SCOTT.
• Privileges can be granted to roles (a named group of privileges), and then the role can be granted to one or more users. For example, the privilege to insert records into the EMP table can be granted to the role named CLERK, which in turn can be granted to the users SCOTT and BRIAN.

Because roles allow for easier and better management of privileges, privileges are normally granted to roles and not to specific users. The following section explains more about roles and their use.

Roles

Oracle provides for easy and controlled privilege management through roles. Roles are named groups of related privileges that are granted to users or other roles. The following properties of roles allow for easier privilege management:

• reduced granting of privileges: Rather than explicitly granting the same set of privileges to many users, a database administrator can grant the privileges for a group of related users to a role, and then grant the role to each member of the group.
• dynamic privilege management: When the privileges of a group must change, only the privileges of the role need to be modified. The security domains of all users granted the group's role automatically reflect the changes made to the role.
• selective availability of privileges: The roles granted to a user can be selectively enabled (available for use) or disabled (not available for use). This allows specific control of a user's privileges in any given situation.
• application awareness: A database application can be designed to enable and disable selective roles automatically when a user attempts to use the application.

Database administrators often create roles for a database application. The DBA grants an application role all privileges necessary to run the application. The DBA then grants the application role to other roles or users. An application can have several different roles, each granted a different set of privileges that allow for more or less data access while using the application.

The DBA can create a role with a password to prevent unauthorized use of the privileges granted to the role. Typically, an application is designed so that when it starts, it enables the proper role. As a result, an application user does not need to know the password for an application's role.

Storage Settings and Quotas

Oracle provides means for directing and limiting the use of disk space allocated to the database on a per user basis, including default and temporary tablespaces and tablespace quotas.

Default Tablespace

Each user is associated with a default tablespace. When a user creates a table, index, or cluster and no tablespace is specified to physically contain the object, the user's default tablespace is used if the user has the privilege to create the object and a quota in the specified default tablespace. The default tablespace feature provides Oracle with information to direct space usage in situations where object location is not specified.

Temporary Tablespace

Each user has a temporary tablespace. When a user executes a SQL statement that requires the creation of temporary segments (such as the creation of an index), the user's temporary tablespace is used. By directing all users' temporary segments to a separate tablespace, the temporary tablespace feature can reduce I/O contention among temporary segments and other types of segments.

Tablespace Quotas

Oracle can limit the collective amount of disk space available to the objects in a schema. Quotas (space limits) can be set for each tablespace available to a user. The tablespace quota security feature permits selective control over the amount of disk space that can be consumed by the objects of specific schemas.

Profiles and Resource Limits

Each user is assigned a profile that specifies limitations on several system resources available to the user, including the

• number of concurrent sessions the user can establish
• CPU processing time
  - available to the user's session
  - available to a single call to Oracle made by a SQL statement
• amount of logical I/O
  - available to the user's session
  - available to a single call to Oracle made by a SQL statement
• amount of idle time for the user's session allowed
• amount of connect time for the user's session allowed
• password restrictions
  - account locking after multiple unsuccessful login attempts
  - password expiration and grace period
  - password reuse and complexity restrictions

Different profiles can be created and assigned individually to each user of the database. A default profile is present for all users not explicitly assigned a profile.
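
The roles, tablespace settings and profile limits described above, written out as Oracle SQL. This is an added example, not part of the original text. It assumes the hypothetical names ORDER_ENTRY, CLERK_PROFILE, USERS and TEMP, a placeholder role password, constructed limit values, and a password function named VERIFY_FUNCTION such as the one Oracle's utlpwdmg.sql script creates.

```sql
-- Added example, not from the original text. SCOTT, BRIAN, EMP and CLERK come
-- from the text; ORDER_ENTRY, CLERK_PROFILE, USERS, TEMP, the placeholder
-- password and every limit value are assumptions.

-- Privilege -> role -> users. Object grants are issued by the owner of EMP.
CREATE ROLE clerk;
GRANT INSERT ON emp TO clerk;
GRANT clerk TO scott, brian;

-- Password-protected application role, kept out of the user's default roles
-- so it is enabled only when the application issues SET ROLE.
CREATE ROLE order_entry IDENTIFIED BY role_pw_placeholder;
GRANT SELECT, UPDATE ON emp TO order_entry;
GRANT order_entry TO scott;
ALTER USER scott DEFAULT ROLE ALL EXCEPT order_entry;
-- Issued by the application in the user's session at startup:
SET ROLE order_entry IDENTIFIED BY role_pw_placeholder;

-- Default and temporary tablespaces, and a quota on the default tablespace.
ALTER USER scott
  DEFAULT TABLESPACE users
  TEMPORARY TABLESPACE temp
  QUOTA 10M ON users;

-- Profile covering each limit listed above.
CREATE PROFILE clerk_profile LIMIT
  SESSIONS_PER_USER          2        -- concurrent sessions
  CPU_PER_SESSION            60000    -- hundredths of a second
  CPU_PER_CALL               3000     -- hundredths of a second
  LOGICAL_READS_PER_SESSION  100000   -- data blocks
  LOGICAL_READS_PER_CALL     10000    -- data blocks
  IDLE_TIME                  30       -- minutes
  CONNECT_TIME               480      -- minutes
  FAILED_LOGIN_ATTEMPTS      5        -- then the account is locked
  PASSWORD_LOCK_TIME         1        -- days locked
  PASSWORD_LIFE_TIME         90       -- days until expiration
  PASSWORD_GRACE_TIME        7        -- days of grace after expiration
  PASSWORD_REUSE_TIME        365      -- days before a password can be reused
  PASSWORD_REUSE_MAX         UNLIMITED
  PASSWORD_VERIFY_FUNCTION   verify_function;  -- complexity check
ALTER USER scott PROFILE clerk_profile;

-- Resource limits (not the password limits) are enforced only when enabled.
ALTER SYSTEM SET RESOURCE_LIMIT = TRUE;

-- Check what was set.
SELECT resource_name, limit FROM dba_profiles WHERE profile = 'CLERK_PROFILE';
SELECT tablespace_name, max_bytes FROM dba_ts_quotas WHERE username = 'SCOTT';
```

SET ROLE enables only the roles it names, so once the application enables ORDER_ENTRY the user's other roles, CLERK included, are disabled for that session unless they are listed in the same statement.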